
47432 matches found

OSV
added 2026/05/27 11:53 a.m., 15 views

SUSE-SU-2026:2092-1 Security update for go1.26-openssl

This update for go1.26-openssl fixes the following issues.

Security issues:
- CVE-2026-33811: net: crash when handling long CNAME response bsc1264508.
- CVE-2026-33814: net/http: infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE bsc1264506.
- CVE-2026-39817: cmd/go: 'go tool...

CVSS 7.5, AI score 6, EPSS 0.00588
Exploits: 0, References: 25
CVE
added 2026/05/27 7:57 a.m., 11 views

CVE-2026-40840

CVE-2026-40840 describes an unauthenticated SQL Injection in the VerifyCreateLicences function. An attacker with low privileges and remote access can exploit improper neutralization of elements in a SQL SELECT command, leading to total confidentiality loss. Documents consistently cite a SQLi in V...

CVSS 7.1, AI score 5.9, EPSS 0.00262
Exploits: 0, References: 1
NVD
added 2026/05/27 7:16 a.m., 13 views

CVE-2026-8898

The Events In City plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'org-events' shortcode in versions up to, and including, 3.0. This is due to insufficient input sanitization and output escaping on user supplied attributes such as 'organizerid', 'width', 'height',...

CVSS 6.4, EPSS 0.00235
Exploits: 0, References: 3
NVD
added 2026/05/27 7:16 a.m., 10 views

CVE-2026-6268

The EventPress WordPress theme before 22.2 does not sanitize or escape the 'id' parameter in the eventpresscustomizernotifydismissaction AJAX handler before outputting it back in the response, allowing unauthenticated attackers to perform Reflected Cross-Site Scripting attacks against logged-in...

CVSS 7.1, EPSS 0.00164
Exploits: 0, References: 1
Cvelist
added 2026/05/27 6:0 a.m., 31 views

CVE-2026-6268 EventPress < 22.2 – Reflected Cross-Site Scripting

The EventPress WordPress theme before 22.2 does not sanitize or escape the 'id' parameter in the eventpresscustomizernotifydismissaction AJAX handler before outputting it back in the response, allowing unauthenticated attackers to perform Reflected Cross-Site Scripting attacks against logged-in...

EPSS 0.00164
Exploits: 0, References: 1
Vulnrichment
added 2026/05/27 6:0 a.m., 8 views

CVE-2026-6268 EventPress < 22.2 – Reflected Cross-Site Scripting

The EventPress WordPress theme before 22.2 does not sanitize or escape the 'id' parameter in the eventpresscustomizernotifydismissaction AJAX handler before outputting it back in the response, allowing unauthenticated attackers to perform Reflected Cross-Site Scripting attacks against logged-in...

AI score 5.8, EPSS 0.00164
Exploits: 0, References: 1
Cvelist
added 2026/05/27 5:31 a.m., 29 views

CVE-2026-8898 Events In City <= 3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes

The Events In City plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'org-events' shortcode in versions up to, and including, 3.0. This is due to insufficient input sanitization and output escaping on user supplied attributes such as 'organizerid', 'width', 'height',...

CVSS 6.4, EPSS 0.00235
Exploits: 0, References: 3
EUVD
added 2026/05/27 5:31 a.m., 5 views

EUVD-2026-32070

The Events In City plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'org-events' shortcode in versions up to, and including, 3.0. This is due to insufficient input sanitization and output escaping on user supplied attributes such as 'organizerid', 'width', 'height',...

CVSS 6.4, AI score 6, EPSS 0.00235
Exploits: 0, References: 3
Vulnrichment
added 2026/05/27 5:31 a.m., 9 views

CVE-2026-8898 Events In City <= 3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes

The Events In City plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'org-events' shortcode in versions up to, and including, 3.0. This is due to insufficient input sanitization and output escaping on user supplied attributes such as 'organizerid', 'width', 'height',...

CVSS 6.4, AI score 6, EPSS 0.00235
Exploits: 0, References: 3
CVE
added 2026/05/27 5:31 a.m., 13 views

CVE-2026-8898

CVE-2026-8898 concerns the WordPress plugin Events In City with versions up to and including 3.0. The vulnerability is a Stored Cross-Site Scripting issue arising from insufficient input sanitization and output escaping in the org_event_scode() function, where user-supplied shortcode attributes (...

CVSS 6.4, AI score 6, EPSS 0.00235
Exploits: 0, References: 3
Github Security Blog
added 2026/05/27 12:9 a.m., 24 views

LiquidJS's strip_html filter bypass via newline characters in HTML tags enables XSS

Summary: The strip_html filter in liquidjs is intended to remove HTML tags from a string before rendering, and is widely used as an XSS sanitizer. The implementation uses a regex whose catch-all branch does not match line terminators, so any HTML tag containing a \n or \r character passes through...

CVSS 6.1, AI score 6, EPSS 0.00355
Exploits: 0, References: 2, Affected Software: 1
OSV
added 2026/05/27 12:9 a.m., 14 views

GHSA-2QV6-9WX5-CWV4 LiquidJS's strip_html filter bypass via newline characters in HTML tags enables XSS

Summary: The strip_html filter in liquidjs is intended to remove HTML tags from a string before rendering, and is widely used as an XSS sanitizer. The implementation uses a regex whose catch-all branch does not match line terminators, so any HTML tag containing a \n or \r character passes through...

CVSS 6.1, AI score 6, EPSS 0.00355
Exploits: 0, References: 2
Positive Technologies
added 2026/05/27 12:0 a.m., 9 views

PT-2026-44094

Function calls to WOSCommonUtil.dll!WOSSysInfoGetDeviceInterface in various DLLs i.e., WOSProfileMgrModule.dll, WOSWebDavModule.dll can return a NULL pointer i.e., when no user is logged into the Triofox Server Agent Management Console. The returned NULL pointer is not checked before being...

CVSS 7.5, AI score 5.8, EPSS 0.00275
Exploits: 0, References: 2
UbuntuCve
added 2026/05/27 12:0 a.m., 11 views

CVE-2026-46045

md/md-llbitmap: skip reading rdevs that are not insync...

AI score 5.8, EPSS 0.00127
Exploits: 0, References: 2
Positive Technologies
added 2026/05/27 12:0 a.m., 7 views

PT-2026-43496

The EventPress WordPress theme before 22.2 does not sanitize or escape the 'id' parameter in the eventpress customizer notify dismiss action AJAX handler before outputting it back in the response, allowing unauthenticated attackers to perform Reflected Cross-Site Scripting attacks against logged-...

AI score 5.8, EPSS 0.00164
Exploits: 0, References: 2
UbuntuCve
added 2026/05/27 12:0 a.m., 8 views

CVE-2026-45992

ALSA: caiaq: Fix potentially leftover ep1inurb at error path...

AI score 5.8, EPSS 0.00032
Exploits: 0, References: 2
Positive Technologies
added 2026/05/27 12:0 a.m., 7 views

PT-2026-43867

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: An issue exists in the rxrpc component regarding connection-level packet handling. Security operations that verify RESPONSE packets decrypt portions of the data in place. If the sk buff...

CVSS 5.5, AI score 5.8, EPSS 0.00155
Exploits: 0
Positive Technologies
added 2026/05/27 12:0 a.m., 7 views

PT-2026-43458

Name of the Vulnerable Software and Affected Versions: LiquidJS versions prior to 10.26.0. Description: A flaw in the strip_html filter logic allows for Cross-Site Scripting (XSS). The filter is designed to remove HTML tags from strings to act as a sanitizer; however, it uses a regular expression wher...

CVSS 6.1, AI score 5.6, EPSS 0.00355
Exploits: 0, References: 7
Positive Technologies
added 2026/05/27 12:0 a.m., 8 views

PT-2026-43530

The Events In City plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'org-events' shortcode in versions up to, and including, 3.0. This is due to insufficient input sanitization and output escaping on user supplied attributes such as 'organizer id', 'width', 'height',...

CVSS 6.4, AI score 6, EPSS 0.00235
Exploits: 0, References: 5
Positive Technologies
added 2026/05/27 12:0 a.m., 7 views

PT-2026-44003

Name of the Vulnerable Software and Affected Versions: RabbitMQ versions 3.7.0 through 4.0.12; RabbitMQ versions 4.1.0 through 4.1.1. Description: RabbitMQ is a messaging and streaming broker that contains a security issue. Recommendations: Update to version 4.0.13. Update to version 4.1.2...

CVSS 5.6, AI score 5.8, EPSS 0.00166
Exploits: 0, References: 10